- hosts: localhost
#  vars_prompt:
#    - name: vncpassword
#      prompt: What is the VNC password (only used if -tags vnc specified)
#      private: no
#      tags:
#        - vnc
#        - never

  tasks:

  # Uninstall the vino package. The task carries the special "never" tag, so
  # it only runs when the "vnc" tag is requested explicitly.
  - name: Remove Apt Packages
    become: true
    apt:
      name: [vino]
      state: absent
    tags: [vnc, never]

  # Install nginx, the PHP 7.4 runtime pieces and net-tools (run with
  # --tags nginx).
  # NOTE(review): the PHP packages are pinned to the 7.4 series by name, and
  # PHP 7.4 is past upstream end of life. Confirm the target distribution
  # still ships security updates for these packages.
  - name: Install NGINX Apt Packages
    become: true
    apt:
      name:
        - net-tools
        - nginx-extras
        - php7.4-cli
        - php7.4-curl
        - php7.4-xml
        - php7.4-json
        - php7.4-fpm
      state: present
    tags: [nginx, never]

  # Restart nginx unconditionally whenever the "nginx" tag is selected.
  - name: Restart NGINX services
    become: true
    command: systemctl restart nginx.service
    tags: [nginx, never]

  # Install the host firewall front end (ufw) and fail2ban
  # (run with --tags ufw).
  - name: Install Security Apt Packages
    become: true
    apt:
      name:
        - ufw
        - fail2ban
      state: present
    tags: [ufw, never]

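  # Add the allow rules, then switch the firewall on (run with --tags ufw).
  #
  # The rules are added before "ufw enable" so the firewall never becomes
  # active with only its default policy in place. "--force" is used because
  # a plain "ufw enable" asks for confirmation when it detects an SSH
  # session, and this task has no terminal to answer the prompt.
  #
  # The script has no "set -e", so only the exit status of the final
  # "ufw status" decides success. An "allow" for an application profile that
  # is not installed (for example Samba) does not fail the task.
  #
  # NOTE(review): "allow from 192.168.0.0/24 to any" opens every port to the
  # whole subnet, which includes the VNC service set up under the "vnc" tag.
  # Narrow it to the required ports if that is not intended.
  - name: Setup UFW
    become: true
    shell: |
      ufw allow 'Nginx HTTP'
      ufw allow 'Nginx HTTPS'
      ufw allow Samba
      ufw allow from 192.168.0.0/24 to any
      ufw --force enable
      ufw status
    tags:
      - ufw
      - never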

  # Install the x11vnc server package (run with --tags vnc).
  - name: Install VNC Apt Packages
    become: true
    apt:
      name: [x11vnc]
      state: present
    tags: [vnc, never]

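  # Seed /etc/fail2ban/jail.local from the jail.conf shipped next to this
  # playbook. With "force: false" an existing jail.local is left untouched,
  # so local edits survive re-runs.
  #
  # Owner, group and mode are set explicitly so a newly created file does not
  # inherit whatever umask the run happens to have. Only root should be able
  # to change the ban policy.
  - name: Setup fail2ban
    become: true
    copy:
      # Earlier variant kept for reference:
      #   src: /etc/fail2ban/jail.conf
      src: ./root/etc/fail2ban/jail.conf
      dest: /etc/fail2ban/jail.local
      owner: root
      group: root
      mode: '0644'
      force: false
    tags:
      - ufw
      - never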

  # Restart fail2ban so it picks up jail.local (run with --tags ufw).
  - name: Restart fail2ban services
    become: true
    # Earlier variant kept for reference:
    #   command: service fail2ban restart
    command: systemctl restart fail2ban.service
    tags: [ufw, never]

  # Create /etc/x11vnc, the directory that later receives the stored VNC
  # password file (vncpwd).
  # NOTE(review): no owner or mode is set, so a new directory takes the
  # defaults of the run. Confirm which account the x11vnc service runs as
  # and restrict the directory accordingly.
  - name: Create XVNC dir
    become: true
    file:
      state: directory
      path: /etc/x11vnc
      force: false
    tags: [vnc, never]

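  # Ask the operator for the VNC password and keep the answer in
  # "result.user_input" for the next task.
  #
  # "echo: false" stops the typed password from being shown on the terminal.
  # "no_log: true" keeps the registered answer out of verbose output and
  # callback logs.
  - name: Prompt for the VNC password
    pause:
      prompt: What is the VNC password
      echo: false
    register: result
    no_log: true
    tags:
      - vnc
      - never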

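  # Copy the prompted answer into the "vncpassword" fact.
  # "no_log: true" is required because set_fact reports the facts it sets,
  # which would otherwise print the password in verbose runs and logs.
  - name: Set password
    set_fact:
      vncpassword: "{{ result.user_input }}"
    no_log: true
    tags:
      - vnc
      - never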

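  # Write the obfuscated VNC password file once. "creates" skips the task
  # when /etc/x11vnc/vncpwd already exists.
  #
  # The command is given as an argv list so the password is always passed as
  # a single argument. In the free-form string, a password containing spaces
  # was split into several arguments.
  # "no_log: true" keeps the command line, which contains the password, out
  # of Ansible output and logs.
  #
  # NOTE(review): the password is still visible in the process list while
  # x11vnc runs, and this task sets no ownership or mode on the resulting
  # file. Verify the permissions of /etc/x11vnc/vncpwd after the first run.
  - name: Setup VNC password
    become: true
    command:
      argv:
        - x11vnc
        - --storepasswd
        - "{{ vncpassword }}"
        - /etc/x11vnc/vncpwd
      creates: /etc/x11vnc/vncpwd
    no_log: true
    tags:
      - vnc
      - never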

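  # Install the x11vnc systemd unit shipped next to this playbook. With
  # "force: false" a unit file that already exists is not replaced.
  #
  # A unit file is configuration, not a program: 0644 owned by root is
  # enough. The previous 0775 made it group-writable and executable, and
  # systemd logs a warning for executable unit files. Anyone who can edit
  # the unit controls what runs as the service user at boot.
  - name: Copy VNC start file
    become: true
    copy:
      src: ./startup/x11vnc.service
      dest: /lib/systemd/system/x11vnc.service
      owner: root
      group: root
      mode: '0644'
      force: false
    tags:
      - vnc
      - never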

  # Despite its name, this task only reloads systemd's unit definitions so
  # the x11vnc.service file copied earlier becomes visible. The service
  # itself is started by a later task with the same name.
  - name: Start VNC
    become: true
    command: systemctl daemon-reload
    tags: [vnc, never]

  # Enable x11vnc.service so it is started on every boot.
  - name: Setup VNC at boot time
    become: true
    command: systemctl enable x11vnc.service
    tags: [vnc, never]

  # Start x11vnc.service right away, without waiting for a reboot.
  - name: Start VNC
    become: true
    command: systemctl start x11vnc.service
    tags: [vnc, never]

  # Install ZAP from the "flathub" remote without prompting. Because of
  # "become", the flatpak command runs as root.
  # NOTE(review): the disabled "creates" guard below points at a Visual
  # Studio Code desktop entry and looks copied from another task. As written,
  # the install command runs on every play that selects "testtools".
  - name: Install Zed Attack Proxy (ZAP) Security Test Tool
    become: true
    command: flatpak install --assumeyes flathub org.zaproxy.ZAP
    # args:
    #   creates: /home/{{ ansible_user }}/Desktop/Visual Studio Code.desktop
    tags: [testtools, never]

  # Install the wapiti web scanner from the distribution repositories
  # (run with --tags testtools).
  - name: Install Security Test Tool Apt Packages
    become: true
    apt:
      name: [wapiti]
      state: present
    tags: [testtools, never]

  # Install network traffic monitoring utilities from the distribution
  # repositories (run with --tags testtools).
  - name: Install Network Test Tool Apt Packages
    become: true
    apt:
      name:
        - nethogs
        - nload
        - iftop
        - vnstat
        - bmon
      state: present
    tags: [testtools, never]

  # Download the Portmaster installer .deb from the vendor URL and install
  # it as root.
  # NOTE(review): the URL tracks "latest", so the installed build changes
  # over time and no checksum is checked here. Consider downloading to a
  # local path with a pinned checksum and installing from that file.
  - name: Install Portmaster
    become: true
    apt:
      deb: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.deb
    tags: [testtools, never]

  # Download the HttpToolkit 1.12.6 release .deb from GitHub and install it
  # as root.
  # NOTE(review): the version is pinned in the URL, but no checksum is
  # checked here. Pinning the expected hash of the release asset would
  # detect a replaced or tampered download.
  - name: Install HttpToolkit
    become: true
    apt:
      deb: https://github.com/httptoolkit/httptoolkit-desktop/releases/download/v1.12.6/HttpToolkit-1.12.6.deb
    tags: [testtools, never]

  # Install the distribution's docker.io package (run with --tags docker).
  - name: Install Docker
    become: true
    apt:
      name: [docker.io]
      state: present
    tags: [docker, never]

  # Pull the "httpd" image (run with --tags apache). This task is tagged
  # separately from the Docker install, so Docker must already be present.
  # NOTE(review): no image tag or digest is given, so Docker resolves the
  # default "latest" tag. Pin a tag or digest if reproducible,
  # reviewable images are required.
  - name: Install Apache in Docker
    become: true
    command: docker pull httpd
    tags: [apache, never]

  # Create the named Docker volume "apache-data" (run with --tags apache).
  - name: Create Apache Persistent Volume
    become: true
    command: docker volume create apache-data
    tags: [apache, never]